General

  • Target

    IntelCpHDCPSvc.exe

  • Size

    31KB

  • Sample

    240402-mahmwaee8t

  • MD5

    645384c8b2ed0e08aed63ed58ecb9720

  • SHA1

    666eefdf934dbb63b835817a2ac31b3e923662a9

  • SHA256

    cec2f548fbf7c1abf104af50e13301b8d46ee1be21a37579d81549ec4699b33b

  • SHA512

    2f46e13a25d2ec2b6182f0efdb0200356c9eeaae554c4781f46f701109058f9df8088b38c990b326c4cb8ff887d42660fdea1a873166bcb335992b36398e3c0b

  • SSDEEP

    768:DHGu8JtmWkItpLn+Pd1yRZFl99COmhkbfelW:bymStpD+mLFl99COmSuW

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

147.185.221.17:50064

Mutex

y98jskG0GYy4J3g5

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

Score
10/10

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

  • Drops startup file

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15